Defense+ causing memory errors on Apps

First, hello everyone! :slight_smile:

So…as the title says… :frowning: i’m having some trouble running an app here.
Every single time i try running it, all i get is:
“Not enough memory for jump table!” and then
“Could not allocate memory!” and nothing else after that.

Tried reinstalling the app, didn’t work. Finished unimportant processes, nothing. Uninstalled CIS and voila, it worked fine. Reinstalled, and the error got back.

Actually, i’m having exactly the same trouble listed on THIS topic here, with exactly the same app:
https://forums.comodo.com/defense-sandbox-help-cis/memory-errors-t65997.0.html
though running it won’t list anything under “defense+ events”

And i tried everything said in it, and none worked. In fact, everything i change under Computer Security Policy doesn’t seem to change anything at all.
Example: You add a file on it, press OK. Open again, remove file, press ok. Open again, and it’s still there!

I usually don’t ask for help, unless it’s really something that i tried everything… :embarassed:

!ot! The guy on the other topic said the update solved it, but i’m trying to run the online version of the same app, and there is no update for it! (Project64k)

I think the second item on this post - adding to BO exclusions - is what solved it: here.

(Using the first suggestion - making it an installer/updater - may expose you to security risks. So you could temporarily experiment with it, but only to run games you know to be safe).

But if CIS is not remembering rule mods you may need to uninstall and re-install first.

Best wishes

Mouse

Thanks for the help, unfortunately…

Adding to exclusions doesn’t help. I just reinstalled it, tried the same, didn’t work.

Disabling the Defense+ completely under the options actually worked, but it’s pretty dangerous to mess around with it disabled…

Ok yes, I misunderstood.

Um best I can suggest is to post your active process list when the game and console are running, so we can see how it is running. Maybe we are excluding or making safe the wrong files.

Thing is, it DOESN’T run. The app crashes as soon as i start it, there’s not even a loading before the crash. It just crashes immediately.

Note: Don’t get fooled by the skin, i’m running XP Professional here.

[attachment deleted by admin]

OK but the D+ ~ Active Process List may still help (not the OS one). We need to see what support executables there are, and what privs they are running with, & what calls what. So start it, let it crash. If you get the timing right you may catch it on the APL before the view refreshes, or you may see what executable it runs under when it opens and closes, even if you don’t we may see other executables running from the same vendor or a licensing software vendor, or the equivalent.

No guarantees, but we’ll try.

Best wishes

Mouse

Did exactly what you said, and here goes the results…

Sandbox seems to be disabled for it, and it’s a trusted file. I couldn’t find any kind of other info… :frowning:

Also, not sure if it helps, but the first time that i tried running the app AFTER i reinstalled CIS, i got that popup message telling me that: “Project64k.exe is trying to hook on nView.dll”. I allowed it. It also told me that it was put “Partially in sandbox” and i clicked on “do not isolate again”. Then the error popped up.

You think it may be “somewhere” on that hook with nView.dll? :-\

[attachment deleted by admin]

If it says it’s isolating the file, the sandbox is not disabled.

After telling it not to isolate the file again, did you exit the application and restart it?

The app crashed after i told it not to isolate. Tried running it again, nothing. :-TD

But i don’t think the sandbox is causing this, since disabling the Defense+ makes it run just fine. :stuck_out_tongue:

Well we are starting to know more about how this program operates. It should be loading the game somewhere - any idea what these files are called? Does the error occur with all games, maybe before it loads any?

There may also be some form of service, so posting your services list, showing vendor names, and a complete D+ events list for the last few days (there’s a more button at the bottom of the log view). If you have CCE installed we can learn a bit more from the services display in killswitch, like what services are unknown to CIS.

For all the files we discover we need to know what directory they are in? Apps can deposit files in common and windows directories as well as program directories, in x64 and x32 directories. When we create files to allow these apps we will start by excluding the directories, then see if we can narrow it down to specific files for security reasons.

Best wishes

Mouse

It’s an emulator. And it crashes when i open the app itself, not when i run the game.

There’s no vendor name as you saw, it’s not some paid app…

“If you have CCE installed”
What's that?
“For all the files we discover we need to know what directory they are in?”
Couldn't really understand it perfectly (not so good English here), but the app is inside a folder on desktop. There is also an older version of the same app inside a folder on My documents, but it gives me the same error.

Maybe i’m doing something wrong with the configuration of Defense+… ??? Although it’s set to installer under the defense+ rules and on exclusions in sandbox.

!ot! BTW, the defense+ event log shows me… 875 events…
Log goes below, i scrolled a little to see, and it’s just the “access memory”.

[attachment deleted by admin]

I’m bumping the topic… not sure if there are rules against bumping, if there is, sorry. :-[

No problem with bumping. Did review this post…

But I still need this information: “a complete D+ events list for the last few days (there’s a more button at the bottom of the log view).” Please make sure that all columns are showing.

Also: “services list, showing vendor names”. You can find this via Control Panel ~ Admin tools ~ Services

CCE is Comodo Cleaning Essentials. If you are technically trained you may be able to make use of it to gather more information, particularly the Killswitch module. But it needs using carefully.

Hold off on the directory until we have the above information.

When you installed this program, did you use an installer, or just download/copy files?

Best wishes

Mouse

Logs are both in the RAR file attached, since i couldn’t upload HTM. :wink: The second log (services list) seems a bit messy though. Not sure if you’ll understand since everything detailed there is in Portuguese. :-\

The program does not come with an installer, just the plain regular zipped stuff. Unzip, you’re done. 8)

[attachment deleted by admin]

Thanks. Is Rockmelt an application which uses the emulator? Just as an aside should be easy to unsandbox this by adding it to trusted files. When apps use the emulator do they run in its context (ie hierarchically beneath the emulator in the active process list view)?

For the moment could you please publish a screenshot of the contents of the directory into which you unzipped the emulator, and the content of the directory that contains all the ROMs, plus exact paths for both.

Are you running under Admin or User account? What is your UAC setting?

Worth trying running emulator using right click ‘run as admin’ I think. I assume installer/updater definition and exclusions are still in place. (May be worth you checking this FAQ to ensure you have set up the installer updater definition right: Making installer updater rule effective.)

Also worth trying setting D+ in learning mode. Don’t run any risky software - eg unknown games - in this mode though, nor with emulator set to installer/updater.

When you have published the directories we’ll first try some directory level exclusions, then look at possible interactions with graphics software.

Best wishes

Mouse

Rockmelt is a variant of google chrome. I barely use it, sometimes to access some newer stuff my old firefox can’t handle right.

There is only one game i’ll need, and it sits in the same place of the emulator.
Path for them is C:\Documents and Settings\Master\Desktop\project64kvelho

I’m running an admin account (named Master). No UAC (my skin fooled ya? it’s XP pro here mate).
Tried running as admin, same stuff. And, yeah, everything looks good from the

Training mode… nope, doesn’t work. :frowning:

I’m starting to lose hope man…

[attachment deleted by admin]

Don’t give up yet, I am rarely beaten. If nothing else we will find a bug that can be fixed in CIS 6 (hopefully)

  1. If XP pro is 32 bit, untick advanced protection mode and reboot then re-try. This will not affect security in 32 bit systems.

  2. Try adding the whole directory as an installer/updater and to BO exclusions then reboot and retry.

If these two fail, then we will look at 3 way graphics card software interactions and disabling guard32. The latter often works, but affects security and so is mostly a way of specifying to devs where the bug is.

Best wishes

Mouse

(Remember to put the installer updater rule at the top of the list - I assume you checked this last time)

Yeah, I did put it on top of list, confirmed. Tried, didn’t work.

I’ll give it a shot to what you said, and post back here the results. :azn:

[at]edit
So here goes, Enhanced protection mode IS disabled already.

And, finally… adding everything inside the folder to D+ rules and setting them with the Installer/Updater policy didn’t work. Adding to BO exclusions is no luck either.

!ot! I said a while back that, deactivating the Defense+ both ways (setting the bar to Disabled and disabling in the options) work. It asks for a restart after disabling in the options right? Yeah, but i don’t need to restart the PC for the app to work. Is that something to look at, or you think it’s normal?

Well that’s very strange. Ticking ‘disable D+ permanently’ is not supposed to have any effect AFAIK. Will put thinking cap on.

Well let’s try to see if this is guard32.dll related. Only do the following if you are sure your system is clean - ie no viruses, and don’t do anything risky until it is reversed. You should find this file in the system32 directory. Rename it, and reboot.

CIS will probably complain - say D+ is not working properly - ignore this. Just try your file. Then rename back to the original name and reboot to restore max security.

As we understand it CIS can be run and D+ still provides some security with guard32 disabled, but not as much. So if this works the recommended route is to submit a bug report.

We can also try to look for graphics interactions - don’t like the look of that Nvidia global hook.

Best wishes

Mouse